Developers love to fetch data over the network and love to pipe it directly into a language interpreter (e.g. curl http://get.mojolicio.us | sh
, curl https://getcomposer.org/installer | php
, etc.) and have put forth a great deal of resistance towards efforts to break these habits.
In order to be able to offer developers some security assurance, I have put together this proposal for a free service that will allow developers to obtain a verifiable copy of a program.
- 0x00-README.md - You are here!
- 0x01-workflow.md - Describes the service workflow
- 0x02-threatmodel.md - Our threat model
- 0x03-goals.md - Our goals
- 0x04-implementation.md - Implementation details
Comment anywhere, this is still a draft.